Files · 89e9486bc3da83ae031313c4b0224a7b46e83ab6 · Stefan Westerfeld / ffmpeg

avcodec/h264_mp4toannexb: Fix heap buffer overflow · 89e9486b

Zhao Zhili authored Mar 25, 2024

Fixes: out of array write
Fixes: 64407/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_MP4TOANNEXB_fuzzer-4966763443650560

mp4toannexb_filter counts the number of bytes needed in the first
pass and allocate the memory, then do memcpy in the second pass.
Update sps/pps size in the loop makes the count invalid in the
case of SPS/PPS occur after IDR slice. This patch process in-band
SPS/PPS before the two pass loops.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>

89e9486b

Name	Last commit	Last update
compat		Loading commit data...
doc		Loading commit data...
ffbuild		Loading commit data...
fftools		Loading commit data...
libavcodec		Loading commit data...
libavdevice		Loading commit data...
libavfilter		Loading commit data...
libavformat		Loading commit data...
libavutil		Loading commit data...
libpostproc		Loading commit data...
libswresample		Loading commit data...
libswscale		Loading commit data...
presets		Loading commit data...
tests		Loading commit data...
tools		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
.travis.yml		Loading commit data...
CONTRIBUTING.md		Loading commit data...
COPYING.GPLv2		Loading commit data...
COPYING.GPLv3		Loading commit data...
COPYING.LGPLv2.1		Loading commit data...
COPYING.LGPLv3		Loading commit data...
CREDITS		Loading commit data...
Changelog		Loading commit data...
INSTALL.md		Loading commit data...
LICENSE.md		Loading commit data...
MAINTAINERS		Loading commit data...
Makefile		Loading commit data...
README.md		Loading commit data...
RELEASE		Loading commit data...
configure		Loading commit data...

README.md